Open Security
Encyclopedia
Open security is an initiative to approach application security
challenges using open source
philosophies and methodologies. Traditional application security is based on the premise that any application or service (whether it is malware
or desirable) relies on security through obscurity
.
On the developer side, legitimate software and service providers can have independent verification and testing of their source code. On the information technology
side, companies can aggregate common threats, patterns, and security solutions to a variety of security issues.
Application security
Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system through flaws in the design, development, deployment, upgrade, or maintenance of the application.Applications only...
challenges using open source
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...
philosophies and methodologies. Traditional application security is based on the premise that any application or service (whether it is malware
Malware
Malware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...
or desirable) relies on security through obscurity
Security through obscurity
Security through obscurity is a pejorative referring to a principle in security engineering, which attempts to use secrecy of design or implementation to provide security...
.
On the developer side, legitimate software and service providers can have independent verification and testing of their source code. On the information technology
Information technology
Information technology is the acquisition, processing, storage and dissemination of vocal, pictorial, textual and numerical information by a microelectronics-based combination of computing and telecommunications...
side, companies can aggregate common threats, patterns, and security solutions to a variety of security issues.
See also
- Kerckhoffs's Principle
- OASIS (organization)OASIS (organization)The Organization for the Advancement of Structured Information Standards is a global consortium that drives the development, convergence and adoption of e-business and web service standards...
(Organization for the Advancement of Structured Information Standards) - OWASPOWASPThe Open Web Application Security Project is an open-source application security project. The OWASP community includes corporations, educational organizations, and individuals from around the world. This community works to create freely-available articles, methodologies, documentation, tools, and...
(Open Web Application Security Project) - Open governmentOpen governmentOpen government is the governing doctrine which holds that citizens have the right to access the documents and proceedings of the government to allow for effective public oversight. In its broadest construction it opposes reason of state and racist considerations, which have tended to legitimize...
- Homeland Open Security TechnologyHomeland Open Security TechnologyHomeland Open Security Technology is a five-year, $10 million program by the Department of Homeland Security's Science and Technology Directorate to promote the creation and use of open security and open-source software in the United States government and military, especially in areas pertaining...